This article explains how to keep a WiFi network on the same subnet as the LAN or a desired VLAN network. This is important because a FortiGate unit requires each network interface to have a single unique network segment.
To create the bridged WiFi and wired LAN configuration, it is necessary to configure the SSID with the local bridge option so that traffic is sent directly over the FortiAP unit’s Ethernet interface to the FortiGate unit, instead of being tunneled to the WiFi controller.
1.) Navigate to WiFi Controller > WiFi Network > SSID and select Create New.
2.) Enter a name, select the traffic mode “Local bridge with FortiAP’s Interface”, then configure the SSID and passphrase.
(If the WiFi network must be on the same subnet as a VLAN network configured on the FortiGate, enter the VLAN ID. By default the VLAN ID is 0.)
3.) Navigate to WiFi Controller > FortiAP profiles, edit the FortiAP profile applied to the AP, then select the bridge SSID.
To configure the bridge SSID from the CLI:
This example creates a WiFi interface “Corporate_WiFi” with SSID “Office_WiFi” using WPA-Personal security, passphrase “Fortinet1”.
    config wireless-controller vap
        edit Corporate_WiFi
            set vdom "root"
            set ssid "Office_WiFi"
            set local-bridging enable
            set passphrase Fortinet1
            set vlanid <VLAN ID>    <--- optional, only if the WiFi must be on a VLAN subnet
    end

    config wireless-controller wtp-profile
        edit FAP221C-default
            config radio-1
                set vaps Corporate_WiFi
            end
            config radio-2
                set vaps Corporate_WiFi
            end
    end

If a DHCP server is configured on the LAN interface, WLAN clients get an IP address from the LAN DHCP lease scope on the FortiGate. When such a DHCP server exists, it is not necessary to create a DHCP relay, since the WLAN and LAN fall under the bridge interface.
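Because a locally bridged SSID puts wireless clients straight onto a wired segment, it is worth being able to list every such SSID when reviewing a configuration. The following is an added example, not code from the original article or from Fortinet: it parses configuration text in the CLI form shown above and reports each SSID with local bridging enabled, its VLAN ID, and the AP profile radios that broadcast it. The sample configuration and the names Guest_WiFi and Lab_WiFi are constructed, and the parser assumes only config/edit/set/next/end lines.

```python
import shlex

SAMPLE = """
config wireless-controller vap
    edit Corporate_WiFi
        set local-bridging enable
        set vlanid 20
    next
    edit Guest_WiFi
        set ssid "Guest"
    next
    edit Lab_WiFi
        set local-bridging enable
end
config wireless-controller wtp-profile
    edit FAP221C-default
        config radio-1
            set vaps Corporate_WiFi Lab_WiFi
        end
        config radio-2
            set vaps Corporate_WiFi
        end
end
"""  # constructed sample in the page's CLI form, not a real backup

def parse(text):
    """Map each config path to its 'set' values; 'end' also closes an open 'edit'."""
    stack, out = [], {}
    for line in text.splitlines():
        tok = shlex.split(line)
        if tok and tok[0] in ("config", "edit"):
            stack.append((tok[0], " ".join(tok[1:])))
        elif tok and tok[0] in ("next", "end"):
            closes = "edit" if tok[0] == "next" else "config"
            while stack and stack.pop()[0] != closes: pass
        elif len(tok) > 1 and tok[0] == "set":
            out.setdefault(tuple(n for _, n in stack), {})[tok[1]] = tok[2:]
    return out

def bridged_ssids(text):
    """Yield (vap, vlanid, radios) per locally bridged SSID; vlanid defaults to 0."""
    cfg = parse(text)
    for path, kv in cfg.items():
        if path[:1] == ("wireless-controller vap",) and kv.get("local-bridging") == ["enable"]:
            radios = sorted("/".join(p[1:]) for p, r in cfg.items()
                            if len(p) == 3 and path[1] in r.get("vaps", []))
            yield path[1], int(kv.get("vlanid", ["0"])[0]), radios

if __name__ == "__main__":
    print(list(bridged_ssids(SAMPLE)))
```

An entry with VLAN ID 0 and a non-empty radio list is an SSID whose clients share the AP's own LAN segment.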